Haktuts-Hacking News


Stored XSS vulnerability in WordPress "Jetpack" plugin could allow an attacker to completely take over a site

Tags: bug in wordpress plugin, Hacking News, Jetpack plugin, NEWS, security, Stored-xss, wordpress, wordpress plugin, XSS

Researchers with Sucuri have found a stored XSS vulnerability in the popular WordPress plugin "Jetpack".

The cross-site scripting vulnerability in the WordPress plugin allows an attacker to completely take over the site. The vulnerability affects Jetpack version 3.7 or lower. The issue was fixed earlier this week with the release of Jetpack 3.7.1 and 3.7.2.

The Jetpack plugin provides features such as website customization, a traffic overview, a mobile vs. desktop traffic breakdown, and content and performance tools. More worrying, millions of site owners are still running older versions of the Jetpack plugin.
According to a Sucuri post published on Thursday, "an attacker can exploit this vulnerability by entering a specially crafted malicious email address into the website's contact form pages".
"As the email is not sanitized properly before being output on the 'Feedback' administrative section, the bug allows an attacker to execute JavaScript code on the administrator's end and gives the attacker full access to the site."
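The pattern the Sucuri post describes, as an added example that is not Jetpack's own code: a stored contact-form email is rendered into an admin "Feedback" table once without escaping and once with output escaping, plus a check a site owner could run over stored entries. The field names and the sample records are constructed for illustration.

```php
<?php
// Added illustration, not Jetpack's code. Stored contact-form records rendered
// into an admin "Feedback" table, unescaped (vulnerable) and escaped (fixed).

// Constructed sample records, shaped like what a contact form might store.
// The second email carries markup, standing in for a crafted address.
$feedback_entries = [
    ['name' => 'Alice',   'email' => 'alice@example.com'],
    ['name' => 'Visitor', 'email' => '<b>not-escaped</b>@example.com'],
];

// Vulnerable pattern: the stored value is concatenated straight into HTML,
// so any tags inside it become part of the admin page's DOM.
function render_row_unsafe(array $entry): string {
    return '<tr><td>' . $entry['name'] . '</td><td>' . $entry['email'] . '</td></tr>';
}

// Fixed pattern: escape at output time, whatever validation ran on input.
// htmlspecialchars() is plain PHP; inside WordPress the equivalent is esc_html().
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $entry): string {
    return '<tr><td>' . esc($entry['name']) . '</td><td>' . esc($entry['email']) . '</td></tr>';
}

// Review check for a site owner: list stored entries whose email field would
// change under escaping, i.e. ones carrying characters that become markup.
function entries_with_markup(array $entries): array {
    $flagged = [];
    foreach ($entries as $entry) {
        if (esc($entry['email']) !== $entry['email']) {
            $flagged[] = $entry;
        }
    }
    return $flagged;
}

foreach ($feedback_entries as $entry) {
    echo 'unsafe: ' . render_row_unsafe($entry) . PHP_EOL;
    echo 'safe:   ' . render_row_safe($entry) . PHP_EOL;
}
echo count(entries_with_markup($feedback_entries)) . ' entry/entries need review' . PHP_EOL;
```

The escaped row shows the tags as literal text, while the unescaped row hands them to the administrator's browser as markup.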

On Friday, Marc-Alexandre Montpas, a vulnerability researcher with Sucuri, said that Sucuri has not observed any instances of the stored XSS bug being exploited in the wild. However, he added that attackers may attempt to develop exploits now that the release is out.

According to Montpas, the bug is very easy to exploit.

“As it's a stored XSS bug, the attacker has to wait for an administrator to visit the plugin's Feedback section to silently trigger [the] attack payload,” Montpas said. “If this happens, nothing stops the malicious script from taking control of the site, which is extremely dangerous.”
